22

Several identical machines all running Fedora 21 in a cluster are all exhibiting identical issues:

Attempting to pull a user journal with journalctl -r gives:

No journal files were opened due to insufficient permissions.

Trying journalctl --user -r gives:

No journal files were found.

Checking in /var/log/journal/[whatever] yields system journals (which seem to work fine as root) and one or two user journals. Logging in as a user that has a user journal in this directory shows that these users can pull their own journal just fine.

It seems like journals are being created for some users but not others. I can find nothing different about the users with journals, and it's not the same users exhibiting the problem on every system, despite identical /etc/passwd, /etc/group, and /etc/shadow files across the systems.

All of this worked fine on Fedora 20.

Improve this question
1
  • Not a programming question - voted to close. Commented Jun 6, 2023 at 22:54

2 Answers 2

Reset to default
31

I believe this is related to How to allow a user to use journalctl to see user-specific systemd service logs?

I had this issue on Ubuntu 17.10. One of my users could view his journal entries, but another couldn't. The issue was resolved by changing the Storage directive of the [Journal] section of /etc/systemd/journald.conf to persistent:

Edit journald.conf

sudo vi /etc/systemd/journald.conf

Original Config

[Journal] #Storage=auto ...

New Config

[Journal] Storage=persistent ...

After a restart of journalctl, all users could view their respective logs:

sudo systemctl restart systemd-journald

From the journald.conf man page:

If "persistent", data will be stored preferably on disk, i.e. below the /var/log/journal hierarchy (which is created if needed), with a fallback to /run/log/journal (which is created if needed), during early boot and if the disk is not writable.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

In particular, the root cause for this is github.com/systemd/systemd/issues/2744: “ Allow users to read their own volatile journals”. TL;DR: only in /var/log [persistent], not in /run [volatile], are journal files spilt by UID.
I was having this issue on ubuntu and simply restarting with sudo systemctl restart systemd-journald was enough for some reason
Didn't have any effect on our server :c
To see/follow another user foouser's systemd user unit service ~foouser/.config/systemd/user/bar.service journald logs, the only workaround that worked for me on Debian 12 bullseye with journalctl/systemd 252 (252.38-1~deb12u1): sudo journalctl _UID=$(id -u foouser) _SYSTEMD_USER_UNIT=bar.service -f or sudo journalctl _SYSTEMD_USER_UNIT=bar.service -f. See unix.stackexchange.com/a/486566/20230
6

Check the output of id -u, if it shows a number less than 1000 then you stumble upon this resolved systemd bug. It is fixed since v254 release.

For older releases without the fix there is a known workaround for the case where you know the name of the unit you want to watch: the --user -u foo would need to be replaced with --user-unit foo.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.